Vulnerabilities > Adobe > Magento Open Source > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-27 | CVE-2023-22249 | Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. | 4.8 |
| 2023-03-27 | CVE-2023-22250 | Improper Access Control vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 5.3 |
| 2023-03-27 | CVE-2023-22251 | Incorrect Authorization vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. | 4.3 |
| 2022-10-14 | CVE-2022-35689 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 5.3 |
| 2022-10-14 | CVE-2022-35698 | Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. | 5.4 |
| 2021-10-15 | CVE-2021-39864 | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. | 6.5 |
| 2021-09-01 | CVE-2021-36012 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. | 6.5 |
| 2021-09-01 | CVE-2021-36026 | Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
| 2021-09-01 | CVE-2021-36027 | Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
| 2021-09-01 | CVE-2021-36037 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. | 6.5 |